obj_prepare_statement

Description:

Prepares an SQL statement for execution.

A prepared statement is a pre-compiled SQL query that returns a resource/object. This resource can then be used to execute the SQL statement multiple times, which helps reduce some overhead on the server. Prepared statements use parameterized values, which are bound after the prepared statement is registered, and are a proven deterrent against SQL injection because the bound values are supplied separately from the query text rather than being written into it.

  • The query argument is required.
  • The params argument is optional, except with the SQL Server PHP extension (SQLSRV), where it is required. The SQL Server PDO extension does not require this argument.
  • The obj_prepare_statement method utilizes a question mark (?) as its parameter binding marker and is called directly from the objSQL class.
  • A prepared statement can be executed multiple times and can be executed as a stand-alone SQL query without any binding parameters.

Parameters:

mixed obj_prepare_statement ( str query[, array params ] )


Returns:

Statement resource/object or false on failure.


Examples:

<?php

try
{
    // Prepare once; each ? is a binding marker filled in by obj_bind()
    $stmt = $dbh->obj_prepare_statement( "update mytable set dept=? where location=?" );

    // Bind values in the same order as the markers
    $stmt->obj_bind( 'Sales' );
    $stmt->obj_bind( 'Chicago' );

    $rs = $stmt->obj_execute();

    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );

    echo $rs->obj_affected_rows();

    // Free the statement so it can be executed again with new values
    $stmt->obj_free_statement();

    $stmt->obj_bind( 'HR' );
    $stmt->obj_bind( 'New York' );

    $rs = $stmt->obj_execute();

    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );

    echo $rs->obj_affected_rows();

    // Close the statement when it is no longer needed
    $stmt->obj_close_statement();
}
catch ( Exception $e )
{
    //log error and/or redirect user to error page
}


//SQLSRV driver

try
{
    // The SQLSRV extension requires the params array, passed by reference
    $params = array( &$var1, &$var2 );

    $stmt = $dbh->obj_prepare_statement( "update mytable set dept=? where location=?", $params );

    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );

    // Assign the values to the referenced variables while binding
    $stmt->obj_bind( $var1="Sales" );
    $stmt->obj_bind( $var2="Chicago" );

    $rs = $stmt->obj_execute();

    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );

    echo $rs->obj_affected_rows();

    $stmt->obj_close_statement();
}
catch ( Exception $e )
{
    //log error and/or redirect user to error page
}

?>
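
The SQL injection point from the description, shown with the update query used above. This is an added example and not objSQL code: it uses plain PDO with an in-memory SQLite database as a stand-in, and the table contents, function names and input value are constructed for illustration.

```php
<?php
// Added example, not part of objSQL. Assumes the pdo_sqlite extension.
// Table rows and the hostile input below are constructed sample data.

function make_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("create table mytable (name text, dept text, location text)");
    $pdo->exec("insert into mytable values
        ('ann', 'Ops', 'Chicago'), ('bob', 'Ops', 'New York'), ('cy', 'Ops', 'Boston')");
    return $pdo;
}

// Weak form: the values are spliced into the SQL text, so a quote
// inside $location changes the structure of the WHERE clause.
function update_concatenated(PDO $pdo, string $dept, string $location): int
{
    $sql = "update mytable set dept='$dept' where location='$location'";
    return $pdo->exec($sql);
}

// Corrected form: the same query with ? markers. The values are sent
// separately from the query text and are only ever compared as data.
function update_prepared(PDO $pdo, string $dept, string $location): int
{
    $stmt = $pdo->prepare("update mytable set dept=? where location=?");
    $stmt->execute([$dept, $location]);
    return $stmt->rowCount();
}

// Constructed input: a location value carrying a quote and a tautology.
$hostile = "Nowhere' or '1'='1";

// Each call gets a fresh database so the row counts are comparable.
printf("concatenated, hostile input: %d row(s) changed\n",
    update_concatenated(make_db(), 'Sales', $hostile));
printf("prepared, hostile input:     %d row(s) changed\n",
    update_prepared(make_db(), 'Sales', $hostile));
printf("prepared, normal input:      %d row(s) changed\n",
    update_prepared(make_db(), 'Sales', 'Chicago'));
```

With the concatenated query the hostile value rewrites the WHERE clause and every row is updated; with the prepared statement the same value is treated as a literal location that matches nothing.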

See also: obj_query